[sysdig] Update default registry, correct host analyzer schedule, fix…

… readme (sysdiglabs#150) * Update default registry, correct host analyer schedule, fix readme * fix: Why this file has execution permissions? Co-authored-by: Noah Kraemer <noah.kraemer@sysdig.com>
nkraemer-sysdig · May 18, 2021 · 531c32e · 531c32e
1 parent aac498a
commit 531c32e
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 9 deletions.
diff --git a/charts/sysdig/CHANGELOG.md b/charts/sysdig/CHANGELOG.md
@@ -4,6 +4,14 @@
 
 This file documents all notable changes to Sysdig Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
 
+## v1.12.1
+
+### Minor changes
+
+* Switch default registry from `docker.io` to `quay.io`
+* Update Benchmark Runner to 1.0.6.0
+* Correct error in Host Analyzer Configmap
+
 ## v1.12.0
 
 ### Major changes

diff --git a/charts/sysdig/Chart.yaml b/charts/sysdig/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: sysdig
-version: 1.12.0
+version: 1.12.1
 appVersion: 11.2.1
 description: Sysdig Monitor and Secure agent
 keywords:

diff --git a/charts/sysdig/README.md b/charts/sysdig/README.md
@@ -87,7 +87,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
 | `prometheus.yaml`                                          | prometheus.yaml content to configure metric collection: relabelling and filtering        | ` `                                                                           |
 | `extraVolumes.volumes`                                     | Additional volumes to mount in the sysdig agent to pass new secrets or configmaps        | `[]`                                                                          |
 | `extraVolumes.mounts`                                      | Mount points for additional volumes                                                      | `[]`                                                                          |
-| `nodeImageAnalyzer.deploy`                                 | Deploy the Node Image Analyzer (See https://docs.sysdig.com/en/scan-running-images.html) | `false`                                                                        |
+| `nodeImageAnalyzer.deploy`                                 | Deploy the Node Image Analyzer (See https://docs.sysdig.com/en/scan-running-images.html) | `false`                                                                       |
 | `nodeImageAnalyzer.settings.dockerSocketPath`              | The Docker socket path                                                                   |                                                                               |
 | `nodeImageAnalyzer.settings.criSocketPath`                 | The socket path to a CRI compatible runtime, such as CRI-O                               |                                                                               |
 | `nodeImageAnalyzer.settings.containerdSocketPath`          | The socket path to a CRI-Containerd daemon                                               |                                                                               |
@@ -107,7 +107,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
 | `nodeImageAnalyzer.resources.limits.memory`                | Node Image Analyzer Memory limit per node                                                | `1024Mi`                                                                      |
 | `nodeImageAnalyzer.extraVolumes.volumes`                   | Additional volumes to mount in the Node Image Analyzer (i.e. for docker socket)          | `[]`                                                                          |
 | `nodeImageAnalyzer.extraVolumes.mounts`                    | Mount points for additional volumes                                                      | `[]`                                                                          |
-| `nodeAnalyzer.deploy`                                      | Deploy the Node Analyzer                                                                 | `true`                                                                       |
+| `nodeAnalyzer.deploy`                                      | Deploy the Node Analyzer                                                                 | `true`                                                                        |
 | `nodeAnalyzer.collectorEndpoint`                           | The endpoint to the Scanning Analysis collector                                          |                                                                               |
 | `nodeAnalyzer.sslVerifyCertificate`                        | Can be set to false to allow insecure connections to the Sysdig backend, such as On-Prem |                                                                               |
 | `nodeAnalyzer.debug`                                       | Can be set to true to show debug logging, useful for troubleshooting                     |                                                                               |
@@ -138,8 +138,8 @@ The following table lists the configurable parameters of the Sysdig chart and th
 | `nodeAnalyzer.hostAnalyzer.resources.limits.cpu`           | Host Analyzer CPU limit per node                                                         | `500m`                                                                        |
 | `nodeAnalyzer.hostAnalyzer.resources.limits.memory`        | Host Analyzer Memory limit per node                                                      | `1536Mi`                                                                      |
 | `nodeAnalyzer.benchmarkRunner.image.repository`            | The image repository to pull the Benchmark Runner from                                   | `sysdig/compliance-benchmark-runner`                                          |
-| `nodeAnalyzer.benchmarkRunner.image.tag`                   | The image tag to pull the Benchmark Runner                                               | `latest`                                                                      |
-| `nodeAnalyzer.benchmarkRunner.image.pullPolicy`            | The Image pull policy for the Benchmark Runner                                           | `Always`                                                                      |
+| `nodeAnalyzer.benchmarkRunner.image.tag`                   | The image tag to pull the Benchmark Runner                                               | `1.0.6.0`                                                                     |
+| `nodeAnalyzer.benchmarkRunner.image.pullPolicy`            | The Image pull policy for the Benchmark Runner                                           | `IfNotPresent`                                                                |
 | `nodeAnalyzer.benchmarkRunner.resources.requests.cpu`      | Benchmark Runner CPU requests per node                                                   | `150m`                                                                        |
 | `nodeAnalyzer.benchmarkRunner.resources.requests.memory`   | Benchmark Runner Memory requests per node                                                | `128Mi`                                                                       |
 | `nodeAnalyzer.benchmarkRunner.resources.limits.cpu`        | Benchmark Runner CPU limit per node                                                      | `500m`                                                                        |

diff --git a/charts/sysdig/templates/configmap-host-analyzer.yaml b/charts/sysdig/templates/configmap-host-analyzer.yaml
@@ -17,7 +17,7 @@ data:
   {{- end }}
   debug: "{{ .Values.nodeAnalyzer.debug | default false }}"
   {{- if .Values.nodeAnalyzer.hostAnalyzer.schedule }}
-  schedule: {{ .Values.nodeAnalyzer.hostAnalyzer.schedule }}
+  schedule: {{ .Values.nodeAnalyzer.hostAnalyzer.schedule | quote }}
   {{- end }}
   {{- if .Values.nodeAnalyzer.hostAnalyzer.analyzeAtStartup }}
   analyze_at_startup: {{ .Values.nodeAnalyzer.hostAnalyzer.analyzeAtStartup }}

diff --git a/charts/sysdig/values.yaml b/charts/sysdig/values.yaml
@@ -7,7 +7,7 @@ image:
   # As long as I don't want to people to use this, I will keep it undocumented
   overrideValue:
 
-  registry: docker.io
+  registry: quay.io
   repository: sysdig/agent
   tag: 11.2.1
   # Specify a imagePullPolicy
@@ -327,7 +327,7 @@ nodeAnalyzer:
     # The scanning schedule specification for the host analyzer expressed as a crontab string such as “5 4 * * *”.
     # The default value of @dailydefault instructs the analyzer to automatically pick a schedule that will start
     # shortly after it is deployed and will perform a scan every 24 hours.
-    # schedule: “5 4 * * *”
+    schedule: "@dailydefault"
 
     # The list of directories to inspect during the scan, expressed as a comma separated list.
     # dirsToScan: "/etc,/var/lib/dpkg,/usr/local,/usr/lib/sysimage/rpm,/var/lib/rpm,/lib/apk/db"
@@ -345,7 +345,7 @@ nodeAnalyzer:
   benchmarkRunner:
     image:
       repository: sysdig/compliance-benchmark-runner
-      tag: 1.0.4.0
+      tag: 1.0.6.0
       pullPolicy: IfNotPresent
 
     resources: